middleware test

2026-01-03 22:05:00 +01:00
parent c589b3c3fe
commit bc7cb2e20a
7 changed files with 680 additions and 78 deletions
--- a/tests/shared/website/WebsiteAuthManager.ts
+++ b/tests/shared/website/WebsiteAuthManager.ts
@@ -1,20 +1,110 @@
-import { BrowserContext, Browser } from '@playwright/test';
+import { APIRequestContext, Browser, BrowserContext, Page } from '@playwright/test';
+
+type AuthRole = 'auth' | 'admin' | 'sponsor';
+
+type Credentials = {
+  email: string;
+  password: string;
+};

 export interface AuthContext {
  context: BrowserContext;
-  role: 'auth' | 'admin' | 'sponsor';
+  page: Page;
+  role: AuthRole;
 }

 export class WebsiteAuthManager {
+  static async createAuthContext(browser: Browser, role: AuthRole): Promise<AuthContext>;
+  static async createAuthContext(browser: Browser, request: APIRequestContext, role: AuthRole): Promise<AuthContext>;
  static async createAuthContext(
    browser: Browser,
-    role: 'auth' | 'admin' | 'sponsor'
+    requestOrRole: APIRequestContext | AuthRole,
+    maybeRole?: AuthRole,
  ): Promise<AuthContext> {
-    const context = await browser.newContext();
+    const baseURL = process.env.PLAYWRIGHT_BASE_URL || 'http://localhost:3000';
+    const apiBaseUrl = process.env.API_BASE_URL || 'http://localhost:3101';
+
+    const role = (typeof requestOrRole === 'string' ? requestOrRole : maybeRole) as AuthRole;
+    const request = typeof requestOrRole === 'string' ? null : requestOrRole;
+
+    const context = await browser.newContext({ baseURL });
+
+    if (request) {
+      const token = await WebsiteAuthManager.loginViaApi(request, apiBaseUrl, role);
+
+      // Critical: the website (localhost:3000) must receive `gp_session` so middleware can forward it.
+      await context.addCookies([
+        {
+          name: 'gp_session',
+          value: token,
+          url: baseURL,
+          path: '/',
+          httpOnly: true,
+          sameSite: 'Lax',
+        },
+      ]);
+    }
+
+    const page = await context.newPage();
+
+    if (!request) {
+      await WebsiteAuthManager.loginViaUi(page, role);
+    }

    return {
      context,
+      page,
      role,
    };
  }
+
+  private static async loginViaApi(
+    request: APIRequestContext,
+    apiBaseUrl: string,
+    role: AuthRole,
+  ): Promise<string> {
+    const credentials = WebsiteAuthManager.getCredentials(role);
+
+    const res = await request.post(`${apiBaseUrl}/auth/login`, {
+      data: {
+        email: credentials.email,
+        password: credentials.password,
+      },
+    });
+
+    const setCookie = res.headers()['set-cookie'] ?? '';
+    const cookiePart = setCookie.split(';')[0] ?? '';
+    const token = cookiePart.startsWith('gp_session=') ? cookiePart.slice('gp_session='.length) : '';
+
+    if (!token) {
+      throw new Error(`Expected gp_session cookie from ${apiBaseUrl}/auth/login`);
+    }
+
+    return token;
+  }
+
+  private static async loginViaUi(page: Page, role: AuthRole): Promise<void> {
+    const credentials = WebsiteAuthManager.getCredentials(role);
+
+    await page.goto('/auth/login');
+    await page.getByLabel('Email Address').fill(credentials.email);
+    await page.getByLabel('Password').fill(credentials.password);
+
+    await Promise.all([
+      page.getByRole('button', { name: 'Sign In' }).click(),
+      page.waitForURL((url) => !url.pathname.startsWith('/auth/login'), { timeout: 15_000 }),
+    ]);
+  }
+
+  private static getCredentials(role: AuthRole): Credentials {
+    if (role === 'admin') {
+      return { email: 'demo.admin@example.com', password: 'Demo1234!' };
+    }
+
+    if (role === 'sponsor') {
+      return { email: 'demo.sponsor@example.com', password: 'Demo1234!' };
+    }
+
+    return { email: 'demo.driver@example.com', password: 'Demo1234!' };
+  }
 }